Privacy rules in Asia are changing at a rapid pace. In the past three years alone, five countries have enacted brand new laws, and three countries or jurisdictions have amended existing laws to address emerging issues such as data breaches and direct marketing. Prior to this, only six laws were adopted in a 13– year period. Eleven jurisdictions in Asia now have comprehensive data privacy laws: Australia (amended), Hong Kong (amended), India (new), Japan, Macao, Malaysia (new), New Zealand, the Philippines (new), Singapore (new), South Korea (new) and Taiwan (amended).

While all of these laws are based on core data protection principles, the specific rules are quite different from each other and from laws found in other parts of the world. For example, unlike their European, Latin American and African counterparts, countries in Asia have largely eschewed registration requirements. However, like their European, Latin American and African counterparts, they have embraced cross-border restrictions and breach notification obligations, contrary to the approaches found until now in the established Asian privacy regimes. Moreover, in the wake of growing data breaches, laws with detailed security obligations continue to grow.

Originally published in Privacy & Security Law Report, 13 PVLR 674, 04/21/2014.